daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-3982.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-13 11:57:17 -04:00
parent 899d92d126
commit c0943d40a1
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2022/CVE-2022-3982.yaml
View File

@ -1,12 +1,12 @@
id: CVE-2022-3982 id: CVE-2022-3982
info: info:
name: Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload name: WordPress Booking Calendar <3.2.2 - Arbitrary File Upload
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: Fixed in 3.2.2 remediation: Fixed in 3.2.2.
reference: reference:
- https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867 - https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867
- https://wordpress.org/plugins/booking-calendar/ - https://wordpress.org/plugins/booking-calendar/
@ -78,3 +78,5 @@ requests:
- status_code_3 == 200 - status_code_3 == 200
- contains(body_3, 'e1bb1e04b786e90b07ebc4f7a2bff37d') - contains(body_3, 'e1bb1e04b786e90b07ebc4f7a2bff37d')
condition: and condition: and
# Enhanced by md on 2023/04/13